Just an update in the .htaccess redirections attacks that we posted a few days ago.
These are some of the new domains being used (specially the clearagent.ru one):
It is happening on WordPress and Joomla sites, but can affect any web site, since they are getting access to sites via stolen passwords. Once in there, they modify the .htaccess file to redirect users to malware domains (and search engines for SEO). In some cases, the code is injected in the index.php file:
Sucuri identifies those type of web-based malware as: http://sucuri.net/malware/malware-entry-mwiframehd203.
Our support team can clean it up for you if you are infected. Sign up with us here: http://sucuri.net/signup and we will get it sorted out pretty quickly.
If you have any question, let us know (firstname.lastname@example.org).